schomery / privacy-settings

Alter Firefox's built-in privacy settings easily with a toolbar panel
http://firefox.add0n.com/privacy-settings.html

rationale behind disabling dom.event.clipboardevents.enabled #31

Closed monperrus closed 8 years ago

monperrus commented 8 years ago

Disabling dom.event.clipboardevents.enabled breaks copy'n'paste on many sites, such as the GitHub inline editor, Gmail, etc.

What's the privacy rationale behind disabling dom.event.clipboardevents.enabled?

schomery commented 8 years ago

http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/

monperrus commented 8 years ago

Does this mean that a page can read my clipboard? (which sometimes contains passwords...)

schomery commented 8 years ago

Not directly from the clipboard, but when you press Ctrl + C or Ctrl + V, scripts on the active page have access to the content.

You can try it yourself. Just open the Web Console and paste the following code:

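```js
// Log the event object each time a copy is triggered on the page.
document.addEventListener('copy', function(e){
    console.error(e);
});
// Log the event object each time a paste is triggered on the page.
document.addEventListener('paste', function(e){
    console.error(e);
});
```
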
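Added example, not part of the thread or the extension's code: an audit helper that records what a page's listener receives on copy, cut and paste, keeping only a masked preview of pasted text. The function names and the constructed events (used so it also runs outside a browser) are assumptions of this example.

```javascript
// Added example (not from the thread): what a page script can observe
// when clipboard events are enabled (dom.event.clipboardevents.enabled = true).
function summarizeClipboardEvent(e) {
  const dt = e.clipboardData || null;          // DataTransfer supplied by the browser
  const record = {
    event: e.type,
    types: dt ? Array.from(dt.types) : [],     // MIME types offered to the handler
    exposedLength: 0,
    maskedPreview: '',
  };
  if (e.type === 'paste' && dt) {
    // On paste, the handler can read the text the user is pasting.
    const text = dt.getData('text/plain');
    record.exposedLength = text.length;
    // Mask the preview so the audit log does not itself store the secret.
    record.maskedPreview = text.slice(0, 2) + '*'.repeat(Math.max(0, text.length - 2));
  }
  return record;
}

// Attach the audit to any EventTarget (pass `document` in a browser console).
function installClipboardAudit(target, sink) {
  const names = ['copy', 'cut', 'paste'];
  const handler = (e) => sink(summarizeClipboardEvent(e));
  names.forEach((n) => target.addEventListener(n, handler));
  return () => names.forEach((n) => target.removeEventListener(n, handler));
}

// Constructed stand-in for a browser ClipboardEvent so the example runs offline.
function constructedClipboardEvent(type, items) {
  const e = new Event(type);
  e.clipboardData = { types: Object.keys(items), getData: (t) => items[t] || '' };
  return e;
}

// Replay a constructed copy and paste against a plain EventTarget.
function runConstructedDemo() {
  const target = new EventTarget();
  const seen = [];
  const remove = installClipboardAudit(target, (r) => seen.push(r));
  target.dispatchEvent(constructedClipboardEvent('copy', {}));   // empty, as in a real copy handler
  target.dispatchEvent(constructedClipboardEvent('paste', { 'text/plain': 'hunter2-constructed' }));
  remove();                                                       // listeners detached from here on
  target.dispatchEvent(constructedClipboardEvent('paste', { 'text/plain': 'ignored' }));
  return seen;
}

if (typeof document !== 'undefined') installClipboardAudit(document, (r) => console.log(r));
```

With the preference set to false, Firefox does not dispatch these events to page scripts, so the audit stays silent.
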
schomery commented 8 years ago

I am going to enable dom.event.clipboardevents.enabled on compatible modes for the next version though.

Thanks for the report.

Neustradamus commented 4 years ago

If it is disabled (dom.event.clipboardevents.enabled = false), there is a problem with: